Hide Forgot
Description of problem: net ads join doesn't use the existing krb5 ticket unless the undocumented -k option is provided. Lack of this documentation is causing great confusion for users (just see how many guide instruct to do "kinit username ; net ads join -U username%password"). # export KRB5CCNAME=/tmp/ticket # kinit Password for admin@DOMAIN.EXAMPLE.COM: # net ads join Enter root's password: Interrupted by signal. # net ads join -U admin Enter admin's password: Interrupted by signal. # net ads join -k Using short domain name -- DOMAIN Joined 'SMBTEST1' to realm 'DOMAIN.EXAMPLE.COM # Version-Release number of selected component (if applicable): samba-common-3.5.6-86.el6_1.4.x86_64
See also https://bugzilla.redhat.com/show_bug.cgi?id=737808.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: The net manpage did not contain documentation for using kerberos authentication. Consequence: Users were not aware how to use kerberos authentication from the net binary. Fix: Manpage update. Result:
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1519.html